Overview

overview

10

Static

static

1

173fd53dae...539.js

windows7-x64

10

173fd53dae...539.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    173fd53dae86a5a6b7c4af3e08c06539

  • Size

    12KB

  • Sample

    231230-npl5aabfa6

  • MD5

    173fd53dae86a5a6b7c4af3e08c06539

  • SHA1

    601f17247f330e78776eaa58fbd6fa1a3fbdf9f8

  • SHA256

    c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7

  • SHA512

    a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc

  • SSDEEP

    192:eqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJy:eqUVfBPwhUGK/665GSNvL/yTvSJy

Score
10/10
vjw0rmpersistencetrojanworm

Malware Config

Targets

    • Target

      173fd53dae86a5a6b7c4af3e08c06539

    • Size

      12KB

    • MD5

      173fd53dae86a5a6b7c4af3e08c06539

    • SHA1

      601f17247f330e78776eaa58fbd6fa1a3fbdf9f8

    • SHA256

      c3e72d149e6ee949a7118dec62a17b6a8513d244cf593381fbaca3890f64e6d7

    • SHA512

      a6af8383cfe37f27881573898aca705d1bbdc900da5ac42507ece882a08c6fdd4b48d295d9906def91bf4938c8a96411a64199a651f8bdf26927841694436cbc

    • SSDEEP

      192:eqU0WY8BPwheQw5Imv/494dWS++I8SeGru5RPZ3HPLCi6KJIwG7ZZSJy:eqUVfBPwhUGK/665GSNvL/yTvSJy

    Score
    10/10
    vjw0rmpersistencetrojanworm

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks